Jump to content
Wt_know

Bank Phishing and Scam

Recommended Posts

Supersonic (edited)

why "discontinue" the physical token and only accept phone apps

it's safe ... got 2FA [hur] 

isn't if insist using physical token, the scammer would not be able to add NEW PAYEE and raise LIMIT to transfer money out ...

FAST can transfer $200K chop chop curry pop ... don't play play

2022-01-15_120041.png

2022-01-15_115325.png

Edited by Wt_know
↡ Advertisement
  • Praise 3

Share this post


Link to post
Share on other sites

I feel there is a joint responsibility in this......saying the customer is fully at fault is not correct.

Yes, the customer should not have click the link. But there is also a 2FA system which falls entirely on the bank.

So why did the 2FA fails? Whose decision to use SMS or apps to do 2FA? That is the bank's decision.

So how can the customer be fully at fault on this?

  • Praise 3

Share this post


Link to post
Share on other sites

At this stage, it does not matter whose fault is it.

the fact is that so many supposedly tech savvy customers got scammed. If OCBC does not compensate, people will lose trust in the bank and park their money elsewhere. Why even take the risk? Not as if OCBC is the only bank here 

Share this post


Link to post
Share on other sites
5th Gear (edited)
32 minutes ago, Fitmugen said:

At this stage, it does not matter whose fault is it.

the fact is that so many supposedly tech savvy customers got scammed. If OCBC does not compensate, people will lose trust in the bank and park their money elsewhere. Why even take the risk? Not as if OCBC is the only bank here 

It can happen to any bank.....just that this time is OCBC. They all use the same 2FA methods.

The entire 2FA system and responsibilities need to be addressed and defined clearly at the regulatory level.  Otherwise, it will just happen again and again with consumers bearing the brunt. 

Edited by Starry
  • Praise 3

Share this post


Link to post
Share on other sites
Supersonic (edited)
12 minutes ago, Raychay said:

Despite this, OCBC shares still go up leh! 😅

as a bro posted, it's NOT a bank fault or mis-management 

it's the "regulation" that MAS should review and impose what SOP and 2FA to protect consumer

the current phone apps and SMS method is "easily" penetrable ... it's proven again and again

Edited by Wt_know
  • Praise 2

Share this post


Link to post
Share on other sites

Supersonic (edited)
4 hours ago, Fitmugen said:

At this stage, it does not matter whose fault is it.

the fact is that so many supposedly tech savvy customers got scammed. If OCBC does not compensate, people will lose trust in the bank and park their money elsewhere. Why even take the risk? Not as if OCBC is the only bank here 

An elderly friend of mine reasonably well educated engineer (in his early 70's with both kids working overseas) got scammed 2 years back (using DBS ). Scammer posed/called saying that your account is being used secretly or compromised by others ; Scammer will confuse you about everything and to a certain extent freeze your account temporarily (after asking you to go to a fake website where they managed to get the USER ID &  PW -  got into the wealth management account and this episode dragged over about 5-6 hours and scammer did screen sharing to "fake  help" to unfreeze his account and finally wiped out his entire account of over a few hundred thousand ( the only unfortunate thing was that the scammers called his land line and I think he did not even have Called ID 

After the episode he even had to change a new mobile phone ..... connot imagine if one's entire savings have been wiped out        

Edited by BanCoe
  • Shocked 1

Share this post


Link to post
Share on other sites
Supersonic (edited)

There is no such thing as a foolproof security but it does need to evolve every now and then but for some users they have a problem catching up with tech. The weak link will always be the user. That is also why scammers target the weak link and not the bank. For the elderly I think it is better for them to keep their money in a milo tin under their beds. We no longer live in attap huts that can be broken into easily or get blown away by strong winds so keeping their money in a milo tin is not such a bad idea.

 

Edited by Watwheels
  • Haha! 1

Share this post


Link to post
Share on other sites

can happen to man too ... if you are drunk at KTV ... lol

2022-01-15_225918.png

  • Haha! 1

Share this post


Link to post
Share on other sites
Supercharged
22 hours ago, Starry said:

I feel there is a joint responsibility in this......saying the customer is fully at fault is not correct.

Yes, the customer should not have click the link. But there is also a 2FA system which falls entirely on the bank.

So why did the 2FA fails? Whose decision to use SMS or apps to do 2FA? That is the bank's decision.

So how can the customer be fully at fault on this?

I think users whom fell for the phishing also unknowingly authorised the 2FA authentication. 

Just checking, for users who are still using sms as 2FA, how easy it is to change the mobile number that is used for sms 2FA?

I know for the the app which is used as a digital token for 2FA, to change from one mobile phone to another, it is necessary to call the bank to inform them and it takes at least a day for the back end to process before another phone app can be registered as new app took. So it is very difficult for scammers to take over the digital token even the online banking is compromised. 

 

Share this post


Link to post
Share on other sites
Supersonic (edited)
43 minutes ago, Gizmore said:

So it is very difficult for scammers to take over the digital token even the online banking is compromised. 

quick question

if you are mugged with a knife on your throat, will you comply to tansfer $200K on the spot with digital token on the phone?

i presume we all bring phone to every where including toilet but we keep physical token at home

actually, victim no need to do anything ... once the phone is unlocked with face-id ... the robber can DIY do anything he wants ...

better don't get drunk or drugged in KTV ... [laugh] 

Edited by Wt_know
  • Praise 1

Share this post


Link to post
Share on other sites

finally ... take action liao

need OCBC $8.5M lost as wake up call to take action ... huat ah!

2022-01-19_212517.png

Share this post


Link to post
Share on other sites
Turbocharged

To add on, sometimes i find it ridiculous to receive cold calls from banks asking whether im interested to buy insurance or investment products...then they will ask yiu.."b4 we begin sir, we would like to verify your personal details..."

The moment i hear this..i tell these folks..thanks but no thanks..no way im gonna reveal my personal data to you if im not sure yiu are really calling from the bank..crazy man..what if yiu are just a pretender phishing for my details? Want to make a cold call..then dun ask stoopid questions that i wont begin to answer.

↡ Advertisement
  • Praise 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×